CVE-2017-11479 - Vulnerability Details

Vendors	Products
Elastic	Kibana
Elasticsearch	Kibana

Link	Providers
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884
https://nvd.nist.gov/vuln/detail/CVE-2017-11479
https://www.cve.org/CVERecord?id=CVE-2017-11479

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-29T23:06:18", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2017-11479", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884", "refsource": "MISC", "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:39.828Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2017-11479", "datePublished": "2017-09-28T19:00:00", "dateReserved": "2017-07-20T00:00:00", "dateUpdated": "2024-08-05T18:12:39.828Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2017-09-28T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-10-29T23:06:18 (string)

orgId : 271b6943-45a9-4f3a-ab4e-976f3fa05b5a (string)

shortName : elastic (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

}

1 : { »

name : [oss-security] 20191023 Membership application for linux-distros - VMware (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2019/10/24/1 (string)

}

2 : { »

name : [oss-security] 20191029 Re: Membership application for linux-distros - VMware (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2019/10/29/3 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@elastic.co (string)

ID : CVE-2017-11479 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

refsource : MISC (string)

url : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

}

1 : { »

name : [oss-security] 20191023 Membership application for linux-distros - VMware (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2019/10/24/1 (string)

}

2 : { »

name : [oss-security] 20191029 Re: Membership application for linux-distros - VMware (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2019/10/29/3 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T18:12:39.828Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

}

1 : { »

name : [oss-security] 20191023 Membership application for linux-distros - VMware (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2019/10/24/1 (string)

}

2 : { »

name : [oss-security] 20191029 Re: Membership application for linux-distros - VMware (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2019/10/29/3 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 271b6943-45a9-4f3a-ab4e-976f3fa05b5a (string)

assignerShortName : elastic (string)

cveId : CVE-2017-11479 (string)

datePublished : 2017-09-28T19:00:00 (string)

dateReserved : 2017-07-20T00:00:00 (string)

dateUpdated : 2024-08-05T18:12:39.828Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AAAFDC79-44C7-4CD4-BAF7-E4263A94D55E", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19498633-0929-4FA6-84AA-21D392CF9431", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFD1A0D0-D2AD-48A1-B833-4D3914631D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "794A6F03-3152-4A05-911F-3EA58250E906", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "69E8AB6F-EA19-4C92-8AAE-FE6EFA06AF4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE1AED-DB91-4DAA-9AD8-5859C7D58AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B420684-A6B0-46E4-8214-F8BB1D3E1E8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEBBEEC5-0843-41F1-BD55-0C8C8CA781FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D88ABA67-0305-46E3-AAED-E3FC9F963F69", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "93558649-84F5-448A-B191-1A0052150929", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "02CD0D6D-2AC7-46E2-ABBE-B780F47DD4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "059C285F-499A-481D-876E-9BEA2EC8628C", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E741D583-C568-4A93-A344-A54267B292F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "653C9B4E-5A67-4566-B687-68454C72B1E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "852CEAF2-B88A-44AB-8B83-9A568CDBCEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDBCC33B-3171-4AD4-A57D-4C0C78536DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F168795-5821-407A-B789-3673A51D2393", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8116EC73-5279-48F3-A958-0C8FAB8755B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "22B3710A-8F7E-42C5-9832-47FF3EF89443", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6A2BA4B-B74F-40B9-9536-80BF19DE9B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C22151C-45AD-44DB-B3E0-178BC93CC8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73DFD4F0-9179-4B37-90B0-8CFF88CE3828", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."}, {"lang": "es", "value": "Las versiones anteriores a la 5.6.1 de Kibana presentan una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Timelion que podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible o realizar acciones destructivas en nombre de otros usuarios de Kibana."}], "id": "CVE-2017-11479", "lastModified": "2024-11-21T03:07:52.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-29T01:34:48.530", "references": [{"source": "bressers@elastic.co", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"source": "bressers@elastic.co", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"source": "bressers@elastic.co", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AAAFDC79-44C7-4CD4-BAF7-E4263A94D55E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 19498633-0929-4FA6-84AA-21D392CF9431 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : AFD1A0D0-D2AD-48A1-B833-4D3914631D33 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 794A6F03-3152-4A05-911F-3EA58250E906 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 69E8AB6F-EA19-4C92-8AAE-FE6EFA06AF4F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FDE1AED-DB91-4DAA-9AD8-5859C7D58AA8 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B420684-A6B0-46E4-8214-F8BB1D3E1E8D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FEBBEEC5-0843-41F1-BD55-0C8C8CA781FE (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D88ABA67-0305-46E3-AAED-E3FC9F963F69 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 93558649-84F5-448A-B191-1A0052150929 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 02CD0D6D-2AC7-46E2-ABBE-B780F47DD4B9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 059C285F-499A-481D-876E-9BEA2EC8628C (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E741D583-C568-4A93-A344-A54267B292F2 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 653C9B4E-5A67-4566-B687-68454C72B1E7 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 852CEAF2-B88A-44AB-8B83-9A568CDBCEBD (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : BDBCC33B-3171-4AD4-A57D-4C0C78536DD9 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F168795-5821-407A-B789-3673A51D2393 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8116EC73-5279-48F3-A958-0C8FAB8755B4 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 22B3710A-8F7E-42C5-9832-47FF3EF89443 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F6A2BA4B-B74F-40B9-9536-80BF19DE9B15 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C22151C-45AD-44DB-B3E0-178BC93CC8DB (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73DFD4F0-9179-4B37-90B0-8CFF88CE3828 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (string)

}

1 : { »

lang : es (string)

value : Las versiones anteriores a la 5.6.1 de Kibana presentan una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Timelion que podría permitir a un atacante obtener información sensible o realizar acciones destructivas en nombre de otros usuarios de Kibana. (string)

}

]

id : CVE-2017-11479 (string)

lastModified : 2024-11-21T03:07:52.263 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-09-29T01:34:48.530 (string)

references : [ »

0 : { »

source : bressers@elastic.co (string)

url : http://www.openwall.com/lists/oss-security/2019/10/24/1 (string)

}

1 : { »

source : bressers@elastic.co (string)

url : http://www.openwall.com/lists/oss-security/2019/10/29/3 (string)

}

2 : { »

source : bressers@elastic.co (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2019/10/24/1 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2019/10/29/3 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 (string)

}

]

sourceIdentifier : bressers@elastic.co (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kibana: XSS vulnerability in Timelion could allow an attacker obtain sensitive information or perform user actions", "id": "1533359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533359"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."], "name": "CVE-2017-11479", "package_state": [{"cpe": "cpe:/a:redhat:openstack-optools:7", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools"}, {"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat OpenShift Enterprise 3"}, {"cpe": "cpe:/a:redhat:openstack-optools:8", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat OpenStack Platform 8 (Liberty) Operational Tools"}, {"cpe": "cpe:/a:redhat:openstack-optools:9", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat OpenStack Platform 9 (Mitaka) Operational Tools"}], "public_date": "2017-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-11479\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11479"], "threat_severity": "Moderate"}

{

bugzilla : { »

description : kibana: XSS vulnerability in Timelion could allow an attacker obtain sensitive information or perform user actions (string)

id : 1533359 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1533359 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

status : draft (string)

}

cwe : CWE-79 (string)

details : [ »

0 : Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. (string)

]

name : CVE-2017-11479 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:openstack-optools:7 (string)

fix_state : Not affected (string)

package_name : kibana (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools (string)

}

1 : { »

cpe : cpe:/a:redhat:openshift:3 (string)

fix_state : Not affected (string)

package_name : kibana (string)

product_name : Red Hat OpenShift Enterprise 3 (string)

}

2 : { »

cpe : cpe:/a:redhat:openstack-optools:8 (string)

fix_state : Not affected (string)

package_name : kibana (string)

product_name : Red Hat OpenStack Platform 8 (Liberty) Operational Tools (string)

}

3 : { »

cpe : cpe:/a:redhat:openstack-optools:9 (string)

fix_state : Not affected (string)

package_name : kibana (string)

product_name : Red Hat OpenStack Platform 9 (Mitaka) Operational Tools (string)

}

]

public_date : 2017-09-28T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2017-11479 https://nvd.nist.gov/vuln/detail/CVE-2017-11479 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object